This disclosure relates to user authentication, and more specifically, to a continuous user authentication tool and computer-implemented method for verifying the identity of a user of a mobile device during an electronic communication session.
The use of near real-time electronic communication, such as (but not limited to) text messaging (e.g., short message service (SMS), multimedia messaging service (MMS), enhanced messaging service (EMS), etc.), instant messaging (IM) and internet relay chat (IRC), is commonplace throughout much of the world. Indeed, with nearly 2 trillion text messages annually in the United States and nearly 7.5 trillion worldwide, electronic communication has become a routine part of everyday life in industrialized countries. An electronic communication, such as a text message, is typically directed to a recipient's mobile computing device, such as a smart phone, tablet and other handheld computing devices.
A challenge associated with near real-time electronic communication systems is that participants in the electronic communication session cannot be assured of the true identity of the other participants with whom they are communicating. Instead, each participant generally assumes that he is communicating with a trusted and known individual(s) with whom the participant associates with the mobile device(s) to which the communications are directed. Many mobile devices, however, do not have adequate security to prevent unauthorized use if the mobile device is lost, stolen or otherwise picked up by an unknown person. While some mobile devices are password protected in an effort to prevent unauthorized access to the mobile device, passwords may be stolen and techniques exist to bypass or reveal the password on the mobile device. Furthermore, if a mobile device is being used by an unknown person with the owner's consent, a participant transmitting an electronic communication to the borrowed mobile device would not know that he is not communicating with the trusted and known individual with whom the participant associates the borrowed mobile device. In each of these circumstances, an unknown person who has gained access to the mobile device would appear to other participants in an electronic communication session directed to that mobile device as the trusted and known user.